Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 6242:ef81c67e1ae7
mod_http_oauth2: Allow zero response types (e.g. with the password grant)
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 03 Jun 2025 16:59:07 +0200 |
| parents | b460b2a65f0b |
| children | 5b269511ade7 |
comparison
equal
deleted
inserted
replaced
| 6241:b460b2a65f0b | 6242:ef81c67e1ae7 |
|---|---|
| 1296 default = "web"; | 1296 default = "web"; |
| 1297 }; | 1297 }; |
| 1298 response_types = { | 1298 response_types = { |
| 1299 title = "Response Types"; | 1299 title = "Response Types"; |
| 1300 type = "array"; | 1300 type = "array"; |
| 1301 minItems = 1; | |
| 1302 uniqueItems = true; | 1301 uniqueItems = true; |
| 1303 items = { type = "string"; enum = { "code"; "token" } }; | 1302 items = { type = "string"; enum = { "code"; "token" } }; |
| 1304 default = { "code" }; | 1303 default = { "code" }; |
| 1305 }; | 1304 }; |
| 1306 client_name = { | 1305 client_name = { |
| 1468 return nil, oauth_error("invalid_client_metadata", "Inconsistency between 'grant_types' and 'response_types'"); | 1467 return nil, oauth_error("invalid_client_metadata", "Inconsistency between 'grant_types' and 'response_types'"); |
| 1469 end | 1468 end |
| 1470 | 1469 |
| 1471 if set.intersection(grant_types, allowed_grant_type_handlers):empty() then | 1470 if set.intersection(grant_types, allowed_grant_type_handlers):empty() then |
| 1472 return nil, oauth_error("invalid_client_metadata", "No allowed 'grant_types' specified"); | 1471 return nil, oauth_error("invalid_client_metadata", "No allowed 'grant_types' specified"); |
| 1473 elseif set.intersection(response_types, allowed_response_type_handlers):empty() then | |
| 1474 return nil, oauth_error("invalid_client_metadata", "No allowed 'response_types' specified"); | |
| 1475 end | 1472 end |
| 1476 | 1473 |
| 1477 if client_metadata.token_endpoint_auth_method ~= "none" then | 1474 if client_metadata.token_endpoint_auth_method ~= "none" then |
| 1478 -- Ensure that each client_id JWT with a client_secret is unique. | 1475 -- Ensure that each client_id JWT with a client_secret is unique. |
| 1479 -- A short ID along with the issued at timestamp should be sufficient to | 1476 -- A short ID along with the issued at timestamp should be sufficient to |
